Re: [squid-users] Re: Squid 3.1 and https ssl aes256 issue

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 05 Jun 2012 20:40:47 +1200

On 5/06/2012 7:05 p.m., alextouch wrote:
>
>> It is most likely that your clients browsers or SSL libraries are
>> missing AES-256 support or are getting stuck negotiating to use a
>> version of TLS/SSL which supports it.
>>
>> Amos
>>
> Ok, but if I turn off proxy setting in clients and allow a direct connection
> to the internet, all works well.
> So I think there is something strange in my proxy machine/configuration that
> denies some packets to flow correctly through it.
> Client-side, if I leave proxy enabled and try to contact aes-256 sites, in
> netstat I can see the connection in SYN_SENT state, so that I think that
> somewhere some packets are dropped...

Just SYN_SENT? no TCP connection completed and CONNECT HTTP request
sent? (all that has to happen *before* the first octet of TLS starts)

Very strange.

Amos
Received on Tue Jun 05 2012 - 08:41:02 MDT

This archive was generated by hypermail 2.2.0 : Tue Jun 05 2012 - 12:00:03 MDT